AWS Expanding Private Cloud Services with PrivateLink Endpoints

AWS Endpoints have been a popular way among users to securely access S3 and DynamoDB from an Amazon virtual private cloud without the need for an internet gateway.

Amazon Web Services is expanding its private cloud options with the launch of AWS PrivateLink, a new endpoint service designed for customers who want to access the cloud in a highly available and scalable manner yet keep all traffic within the AWS network.

As of the launch Nov. 9, the Kinesis, Service Catalog, Amazon EC2, EC2 Systems Manager and Elastic Load Balancing APIs are now available to use inside an AWS virtual private cloud. The company also said support for more services will be coming soon, including Key Management Service and Amazon CloudWatch.

Since VPC Endpoints launched in 2015, creating Endpoints has been a popular way among users to securely access S3 and DynamoDB from an Amazon virtual private cloud without the need for an internet gateway, a NAT (network address translation) gateway, or firewall proxies. With VPC Endpoints, the routing between the VPC and the AWS service is handled by the AWS network, and IAM (identity and access management) policies can be used to control access to service resources.

'Like Connecting a Virtual Cable'

“With traditional endpoints, it’s very much like connecting a virtual cable between your VPC and the AWS service,” AWS’s Colm MacCárthaigh, Senior Engineer for Amazon Virtual Private Cloud, wrote in a blog post. “Connectivity to the AWS service does not require an Internet or NAT gateway, but the endpoint remains outside of your VPC.

“With PrivateLink, endpoints are instead created directly inside of your VPC, using Elastic Network Interfaces (ENIs) and IP addresses in your VPC’s subnets. The service is now in your VPC, enabling connectivity to AWS services via private IP addresses. That means that VPC Security Groups can be used to manage access to the endpoints and that PrivateLink endpoints can also be accessed from your premises via AWS Direct Connect.”

Using the services powered by PrivateLink, customers can now manage fleets of instances, create and manage catalogs of IT services and store and process data without requiring the traffic to traverse the public internet, MacCárthaigh said.

To support testing and advanced configurations, every endpoint also gets a set of DNS names that are unique and dedicated to the endpoint: a primary name for the endpoint as a whole, plus zonal names.

The primary name is particularly useful for accessing your endpoint via Direct Connect, without having to use any DNS overrides on-premises. Naturally, the primary name can also be used inside of your VPC.

“By default, with the Private DNS Name enabled, using a PrivateLink endpoint is as straightforward as using the SDK, AWS CLI or other software that accesses the service API from within your VPC. There’s no need to change any code or configurations,” MacCárthaigh said.
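The pieces MacCárthaigh describes (ENIs placed in your own subnets, security groups applied to the endpoint, an IAM-style access policy, and private DNS) can be expressed together as one Terraform configuration. The block below is an added example written for this page, not code from the article or from AWS; the region, VPC ID, VPC CIDR and subnet IDs are placeholders, and the EC2 API is used because the article lists it among the launch services.

```hcl
# Added example (not from the article or AWS): an interface VPC endpoint for the
# EC2 API over PrivateLink, with private DNS enabled, a security group that admits
# only HTTPS from inside the VPC, and an endpoint policy that limits which API
# actions can be invoked through it. All IDs and the region are placeholders.

variable "region"     { default = "us-east-1" }        # assumption
variable "vpc_id"     { default = "vpc-PLACEHOLDER" }   # assumption
variable "vpc_cidr"   { default = "10.0.0.0/16" }       # assumption
variable "subnet_ids" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] } # assumption

# Security group attached to the endpoint's ENIs. Because a PrivateLink endpoint
# lives inside the VPC, a security group applies to it, unlike a gateway endpoint.
# Only TCP/443 from the VPC's own address range is admitted.
resource "aws_security_group" "ec2_endpoint" {
  name        = "ec2-api-endpoint"
  description = "HTTPS to the EC2 API interface endpoint from inside the VPC only"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# Endpoint policy: network reachability alone is not authorization. This policy
# restricts the endpoint to read-only EC2 actions as an illustration; callers still
# need their own IAM permissions for the request to succeed.
data "aws_iam_policy_document" "ec2_endpoint" {
  statement {
    effect    = "Allow"
    actions   = ["ec2:Describe*"]
    resources = ["*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
  }
}

resource "aws_vpc_endpoint" "ec2" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.ec2"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [aws_security_group.ec2_endpoint.id]
  # With private DNS, the SDK/CLI resolve the service's public hostname to the
  # endpoint's private IPs, so no client code or configuration changes are needed.
  private_dns_enabled = true
  policy              = data.aws_iam_policy_document.ec2_endpoint.json
}
```

Two checks worth doing after applying this: private DNS only takes effect if the VPC has DNS support and DNS hostnames enabled, so confirm those VPC attributes first; and once the endpoint is in service, resolve the EC2 API hostname from an instance in the VPC and verify it returns addresses inside the VPC's CIDR rather than public IPs, which proves traffic is staying on the AWS network as the article describes.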

Pricing and Availability

AWS PrivateLink is available as of Nov. 9 in all AWS commercial regions except China (Beijing). For the region availability of individual services, please check AWS’s documentation.